Lucene search

K

FreeBSD : FreeBSD -- Heap vulnerability in bspatch (7d4f4955-600a-11e6-a6c3-14dae9d210b8)

FreeBSD heap vulnerability in bspatch, allowing arbitrary code execution

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OSV
bsdiff-4.3-5.3 on GA media
15 Jun 202400:00
osv
OSV
bsdiff - security update
3 Nov 201600:00
osv
OSV
bsdiff - security update
26 Nov 201900:00
osv
OSV
bsdiff vulnerabilities
15 Sep 202020:33
osv
Debian
[SECURITY] [DLA 2010-1] bsdiff security update
26 Nov 201921:29
debian
Debian
[SECURITY] [DLA 697-1] bsdiff security update
3 Nov 201611:36
debian
Mageia
Updated bsdiff packages fix security vulnerability
31 Aug 201618:32
mageia
Mageia
Updated ostree packages fix security vulnerability
16 Sep 202222:39
mageia
OpenVAS
SUSE: Security Advisory (SUSE-SU-2022:3671-1)
21 Oct 202200:00
openvas
OpenVAS
openSUSE: Security Advisory for libostree (SUSE-SU-2022:3094-1)
7 Sep 202200:00
openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(92928);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2014-9862");
  script_xref(name:"FreeBSD", value:"SA-16:25.bspatch");

  script_name(english:"FreeBSD : FreeBSD -- Heap vulnerability in bspatch (7d4f4955-600a-11e6-a6c3-14dae9d210b8)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The implementation of bspatch does not check for a negative value on
numbers of bytes read from the diff and extra streams, allowing an
attacker who can control the patch file to write at arbitrary
locations in the heap.

This issue was first discovered by The Chromium Project and reported
independently by Lu Tung-Pin to the FreeBSD project. Impact : An
attacker who can control the patch file can cause a crash or run
arbitrary code under the credentials of the user who runs bspatch, in
many cases, root."
  );
  # https://vuxml.freebsd.org/freebsd/7d4f4955-600a-11e6-a6c3-14dae9d210b8.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e69bc7d3"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:FreeBSD");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info", "Settings/ParanoidReport");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


if (report_paranoia < 2) audit(AUDIT_PARANOID);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=10.3<10.3_6")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=10.2<10.2_20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=10.1<10.1_37")) flag++;
if (pkg_test(save_report:TRUE, pkg:"FreeBSD>=9.3<9.3_45")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
12 Aug 2016 00:00Current
0.2Low risk
Vulners AI Score0.2
CVSS27.2
CVSS37.8
EPSS0.944
23
.json
Report